ios7 safari iconA new iOS vulnerability was discovered by a security researcher over the weekend, causing affected iPhones and iPads to crash and restart when following a link to an HTML page hosting specially crafted CSS code.

The vulnerability hits the WebKit rendering engine used in Safari by applying a CSS effect -- "backdrop-filter" -- that requires enough heavy graphics processing to cause iOS to crash completely.

Software engineer and security researcher Sabri Haddouche, who works for encrypted messaging app Wire, discovered the vulnerability and shared videos of its effects on Twitter. Haddouche also discussed his findings with ZDNet:

"The attack uses a weakness in the -webkit-backdrop-filter CSS property, which uses 3D acceleration to process elements behind them," Haddouche told ZDNet in an interview.

"By using nested divs with that property, we can quickly consume all graphic resources and freeze or kernel panic the OS."

Apple has been notified of the vulnerability, and Haddouche confirmed that the company is actively investigating the issue. The researcher also notes that the CSS code in its current form will freeze Safari on macOS "for a minute," and then slow it down, but the Mac won't crash. However, a modified version with Javascript could end with the same outcome as the iOS version, crashing the Mac computer that it's on.

Haddouche didn't publish the modified macOS vulnerability because once the computer reboots, Safari persists and the browser is automatically launched again with the same result, resulting in a cycle of reboots. The researcher says that he discovered the vulnerabilities during research for denial of service bugs on different web browsers.

Tag: Vulnerabiltiies
Related Forum: iOS 11

Top Rated Comments

H2SO4 Avatar
H2SO4
96 months ago
Unfortunately, he gives enough details for people to try exploiting the bug themselves.
It needs to be done. That’s how you keep big companies from brushing things under the carpet.
There are plenty of exploits Apple and others have ignored and continue to ignore. A consumer backlash is what keeps them in check.
Score: 10 Votes (Like | Disagree)
PBG4 Dude Avatar
PBG4 Dude
96 months ago
Backdrop-filter is a CSS property that allows you to create for example the background blur effect you know from iOS / macOS. You know, there is a window and the windows behind that window are blurred. It uses a lot of GPU. If you create a lot of elements with this property, Safari starts freezing. But it's not security bug. If your website causes this kind of problem, people won't be visiting it and you are the only one who has some kind of "damage" because of that. I think you can freeze browser using JavaScript, if you run a badly written function. But why would you do that?
Because, a crash is the starting point of an exploit. If you can get it to run some arbitrary code right at or after the point of crash, maybe you can make the system do something it normally wouldn’t, or shouldn’t do.
Score: 5 Votes (Like | Disagree)
Markoth Avatar
Markoth
96 months ago
It needs to be done. That’s how you keep big companies from brushing things under the carpet.
There are plenty of exploits Apple and others have ignored and continue to ignore. A consumer backlash is what keeps them in check.
Actually, this is highly improper. Generally-speaking, you inform companies a good bit prior to going live with the info, so that they have time to patch it first. If you care about those affected by this, it's the only right thing to do. This obviously hasn't been patched yet, so now millions out there are vulnerable, and anyone with enough experience can exploit it.
Score: 3 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
96 months ago
Actually, this is highly improper. Generally-speaking, you inform companies a good bit prior to going live with the info, so that they have time to patch it first. If you care about those affected by this, it's the only right thing to do. This obviously hasn't been patched yet, so now millions out there are vulnerable, and anyone with enough experience can exploit it.
This is more a nuisance bug, like the Telugu character. It's not a security bug. What exactly are millions vulnerable to, annoyance?
Score: 2 Votes (Like | Disagree)
MacSince1985 Avatar
MacSince1985
96 months ago
Unfortunately, he gives enough details for people to try exploiting the bug themselves.
Score: 2 Votes (Like | Disagree)
gaximus Avatar
gaximus
96 months ago
Because, a crash is the starting point of an exploit. If you can get it to run some arbitrary code right at or after the point of crash, maybe you can make the system do something it normally wouldn’t, or shouldn’t do.
No its not. "Getting it to run some arbitrary code", is the starting point of an exploit. in fact the crash would stop any kind of exploit because the system is down, as in can't run anymore code.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Later This Year With These 12 New Features

Thursday January 15, 2026 10:56 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another eight months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models, as of January 2026: The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID...
Read Full Article70 comments
iPhone Top Left Hole Punch Face ID Feature Purple

New Leak Reveals iPhone 18 Pro Display Sizes, Under-Screen Face ID, and More

Wednesday January 14, 2026 7:09 am PST by
While the iPhone 18 Pro models are still around eight months away, a leaker has shared some alleged details about the devices. In a post on Chinese social media platform Weibo this week, the account Digital Chat Station said the iPhone 18 Pro and iPhone 18 Pro Max will have the same 6.3-inch and 6.9-inch display sizes as the iPhone 17 Pro and iPhone 17 Pro Max. Consistent with previous...
Read Full Article65 comments
2024 iPhone Boxes Feature

Apple Adjusts Trade-In Values for iPhones, Macs, and More

Thursday January 15, 2026 11:19 am PST by
Apple today updated its trade-in values for select iPhone, iPad, Mac, and Apple Watch models. Trade-ins can be completed on Apple's website, or at an Apple Store. The charts below provide an overview of Apple's current and previous trade-in values in the United States, according to the company's website. Most of the values declined slightly, but some of the Mac values increased. iPhone ...
Read Full Article54 comments
Apple MacBook Pro M4 hero

These 5 Apple Products Will Reportedly Be Upgraded With OLED Displays

Friday January 16, 2026 7:07 pm PST by
Apple plans to upgrade the iPad mini, MacBook Pro, iPad Air, iMac, and MacBook Air with OLED displays between 2026 and 2028, according to DigiTimes. Bloomberg's Mark Gurman previously reported that the iPad mini and MacBook Pro will receive an OLED display as early as this year, but he does not expect the MacBook Air to adopt the technology until 2028 at the earliest. A new iPad Air is...
Read Full Article65 comments
Verizon New

Verizon Offering $20 Credit After Major Outage, Here's How to Get It

Thursday January 15, 2026 7:37 am PST by
Verizon today announced it will be offering customers a $20 account credit after a major outage on Wednesday, and action is required to receive it. The carrier said affected customers can accept the credit by logging into the My Verizon app, but it might take some time before this option shows up in the app. Affected customers will receive a text message when the credit is available. On...
Read Full Article50 comments